Dear all,
I've been working on applying Keycloak to systems whose emphasis is on
high security.
By the way, I've found some typos in the RH-SSO and Keycloak manuals, and an
erroneous description in the RH-SSO and Keycloak UI, as follows.
I'm not sure whether it is appropriate for me to post such issues to this dev mailing list.
If not, please tell me.
1) In 3.19.7 Compromised Access Codes of the Server Administration Guide for Keycloak 3.0.0
and before, we'd like to use "Authorization Codes" instead of "Access
Codes".
The same applies to 17.8 Compromised Access Code of the Server Administration Guide for
RH-SSO 7.1beta and before.
2) In 3.14.3 Session and Token Timeouts for Keycloak 3.0.0 and before, we'd like to
use "Authorization Code Flow in OIDC" instead of "Authentication Code Flow
in OIDC".
The same applies to 13.3 Session and Token Timeouts of the Server Administration Guide for
RH-SSO 7.1beta and before.
3) In "Security Defences" of "Realm Settings" for Keycloak 3.0.0 and
before, the description of the tooltip for "Content-Security-Policy" is the same
as that for "X-Frame-Options".
However, CSP is a different mechanism from X-Frame-Options according to
https://www.w3.org/TR/CSP/.
We'd better consider another description. For example, "Default value prevents
pages from accessing non-origin resources (click label for more information)".
Regards.
Takashi Norimatsu